def openid_server(request): """ This view is the actual OpenID server - running at the URL pointed to by the <link rel="openid.server"> tag. """ server = Server(get_store(request), op_endpoint=request.build_absolute_uri( reverse('openid-provider-root'))) # Cancellation if 'cancel' in request.REQUEST: if 'OPENID_REQUEST' in request.session: return oresponse_to_response(server, request.session['OPENID_REQUEST'].answer(False)) else: return HttpResponseRedirect('/') # Clear AuthorizationInfo session var, if it is set if request.session.get('AuthorizationInfo', None): del request.session['AuthorizationInfo'] querydict = dict(request.REQUEST.items()) try: orequest = server.decodeRequest(querydict) except ProtocolError, why: logger.error('Invalid OpenID message %s' % querydict) return oresponse_to_response(server, why)
def __init__(self, base_url): self.store = MemoryStore() self.identity_url = base_url + 'identity' self.localid_url = base_url + 'localid' self.endpoint_url = base_url + 'endpoint' self.server = Server(self.store, self.endpoint_url) self.last_request = None
def __init__(self, base_url): self.store = MemoryStore() self.identity_url = base_url + 'identity' self.localid_url = base_url + 'localid' self.endpoint_url = base_url + 'endpoint' self.server = Server(self.store, self.endpoint_url) self.last_request = None self.type_uris = ['http://specs.openid.net/auth/2.0/signon']
def getServer(request): """ Get a Server object to perform OpenID authentication. """ endpoint_url = request.build_absolute_uri(reverse('server:endpoint')) # Method `build_absolute_uri` returns str in both python 2 and 3, convert to text_type in 2.7 if isinstance(endpoint_url, six.binary_type): endpoint_url = endpoint_url.decode('utf-8') return Server(getOpenIDStore(), endpoint_url)
def openid_decide(request): """ The page that asks the user if they really want to sign in to the site, and lets them add the consumer to their trusted whitelist. # If user is logged in, ask if they want to trust this trust_root # If they are NOT logged in, show the landing page """ custom_log(request, "User entered openid_decide page", level="debug") server = Server(get_store(request), op_endpoint=request.build_absolute_uri(reverse('openid-provider-root'))) orequest = server.decodeRequest(request.session.get('OPENID_REQUEST')) trust_root_valid = request.session.get('OPENID_TRUSTROOT_VALID') if not (request.browser and request.browser.user and request.browser.is_authenticated() and request.user.is_authenticated()): custom_log(request, "User is not authenticated. Redirect to sign-in page", level="debug") return landing_page(request, orequest) openid = openid_get_identity(request, orequest.identity) if openid is None: custom_log(request, "No OpenID exists for user %s" % request.browser.user, level="warn") return error_page( request, "You are signed in but you don't have OpenID here!") if request.method == 'POST' and request.POST.get('decide_page', False): if request.POST.get("cancel"): custom_log(request, "User cancelled authentication from the decide page", level="info") for k in ["AuthorizationInfo", "OPENID_TRUSTROOT_VALID", "OPENID_REQUEST", get_trust_session_key(orequest)]: try: del request.session[k] except KeyError: pass custom_log(request, "Cancelled. Redirect to front page", level="debug") return HttpResponseRedirect(reverse("login_frontend.views.indexview")) (obj, created) = TrustedRoot.objects.get_or_create( openid=openid, trust_root=orequest.trust_root) if created: custom_log(request, "Created a new TrustRoot for %s" % orequest.trust_root) else: custom_log(request, "Old TrustRoot for %s exists" % orequest.trust_root) if not conf.FAILED_DISCOVERY_AS_VALID: custom_log(request, "Setting %s=True" % (get_trust_session_key(orequest)), level="debug") request.session[get_trust_session_key(orequest)] = True custom_log(request, "Redirecting to OpenID server root", level="debug") return HttpResponseRedirect(reverse('openid-provider-root')) custom_log(request, "Showing decide page", level="info") return render_to_response('openid_provider/decide.html', { 'title': _('Trust this site?'), 'trust_root': orequest.trust_root, 'trust_root_valid': trust_root_valid, 'return_to': orequest.return_to, 'identity': orequest.identity, 'sreg': get_default_sreg_data(request, orequest), }, context_instance=RequestContext(request))
def __init__(self, request): self.request = request self.openid_server = Server(SFOpenIDStore(self.request.db_session), request.route_url('openid_provider')) userid = authenticated_userid(request) self.auth_userid = userid or request.session.get('auth_userid') if self.auth_userid: query = self.request.db_session.query(UserProfile) self.auth_user = query.get(self.auth_userid) else: self.auth_user = None
def setUp(self): super(TestGetMacaroonNS, self).setUp() params = { 'openid.mode': 'checkid_setup', 'openid.trust_root': 'http://localhost/', 'openid.return_to': 'http://localhost/', 'openid.identity': IDENTIFIER_SELECT, } openid_store = getUtility(IOpenIDConsumerStore) openid_server = Server(openid_store, get_server_url()) self.orequest = openid_server.decodeRequest(params)
def test_fromOpenIDRequest(self): params = { 'openid.mode': 'checkid_setup', 'openid.trust_root': 'http://localhost/', 'openid.return_to': 'http://localhost/', 'openid.identity': IDENTIFIER_SELECT, } openid_store = getUtility(IOpenIDConsumerStore) openid_server = Server(openid_store, get_server_url()) orequest = openid_server.decodeRequest(params) req = MacaroonRequest.fromOpenIDRequest(orequest) self.assertIsNone(req.caveat_id) self.assertEqual(MACAROON_NS, req.ns_uri)
def test_fromSuccessResponse_no_signed(self): params = { 'openid.mode': 'checkid_setup', 'openid.trust_root': 'http://localhost/', 'openid.return_to': 'http://localhost/', 'openid.identity': IDENTIFIER_SELECT, } openid_store = getUtility(IOpenIDConsumerStore) openid_server = Server(openid_store, get_server_url()) orequest = openid_server.decodeRequest(params) success_resp = SuccessResponse(orequest, orequest.message) resp = MacaroonResponse.fromSuccessResponse(success_resp) self.assertIsNone(resp.discharge_macaroon_raw)
def init_idp(self): self.datastore = OpenIDStore(self.get_config_value('database url')) self.server = Server(self.datastore, op_endpoint=self.endpoint_url) # Expose OpenID presence in the root headers = self._root.default_headers headers['X-XRDS-Location'] = self.endpoint_url + 'XRDS' html_heads = self._root.html_heads HEAD_LINK = '<link rel="%s" href="%s">' openid_heads = [ HEAD_LINK % ('openid2.provider', self.endpoint_url), HEAD_LINK % ('openid.server', self.endpoint_url) ] html_heads['openid'] = openid_heads
def prep_response(request, orequest, oresponse, server=None): # Convert a webresponse from the OpenID library in to a Django HttpResponse if not server: server = Server(get_store(request), op_endpoint=request.build_absolute_uri( reverse('openid-provider-root'))) webresponse = server.encodeResponse(oresponse) if webresponse.code == 200 and orequest.mode in BROWSER_REQUEST_MODES: response = render_to_response('openid_provider/response.html', { 'body': webresponse.body, }, context_instance=RequestContext(request)) logger.debug('rendering browser response') else: response = HttpResponse(webresponse.body) response.status_code = webresponse.code for key, value in webresponse.headers.items(): response[key] = value logger.debug('rendering raw response') return response
def __init__(self, context, request): super(OpenIDMixin, self).__init__(context, request) self.server_url = get_server_url() self.openid_server = Server(openid_store, self.server_url)
def getServer(request): """ Get a Server object to perform OpenID authentication. """ return Server(getOpenIDStore(), getViewURL(request, endpoint))
def get_openid_server(request): store = DjangoDBOpenIDStore() return Server(store, endpoint_url(request))
def openid_get_server(request): return Server(get_store(request), op_endpoint=request.build_absolute_uri( reverse('openid-provider-root')))
def getServer(request): """ Get a Server object to perform OpenID authentication. """ endpoint_url = request.build_absolute_uri(reverse('server:endpoint')) return Server(getOpenIDStore(), endpoint_url)
def openid_server(request): """ This view is the actual OpenID server - running at the URL pointed to by the <link rel="openid.server"> tag. """ custom_log(request, "Server request: %s: %s" % (request.method, request.POST or request.GET), level="debug") server = Server(get_store(request), op_endpoint=request.build_absolute_uri(reverse('openid-provider-root'))) if not request.is_secure(): # if request is not secure allow only encrypted association sessions custom_log(request, "Request is not secure. Switching to encrypted negotiator", level="debug") server.negotiator = encrypted_negotiator # Clear AuthorizationInfo session var, if it is set if request.session.get('AuthorizationInfo', None): custom_log(request, "Clearing AuthorizationInfo session var", level="debug") del request.session['AuthorizationInfo'] querydict = dict(request.REQUEST.items()) orequest = server.decodeRequest(querydict) if not orequest: orequest = server.decodeRequest(request.session.get('OPENID_REQUEST', None)) if orequest: # remove session stored data: custom_log(request, "Removing stored data from session", level="debug") del request.session['OPENID_REQUEST'] else: # not request, render info page: data = { 'host': request.build_absolute_uri('/'), 'xrds_location': request.build_absolute_uri( reverse('openid-provider-xrds')), } custom_log(request, "Not an OpenID request, sending info: %s" % data, level="info") if request.browser and request.browser.user: data["openid_identifier"] = "https://" + request.get_host() + reverse('openid-provider-identity', args=[request.browser.user.username]) else: data["page_url"] = request.build_absolute_uri() return render_to_response('openid_provider/server.html', data, context_instance=RequestContext(request)) custom_log(request, "orequest.mode: %s" % orequest.mode, level="debug") if orequest.mode in BROWSER_REQUEST_MODES: if not (request.browser and request.browser.user and request.browser.is_authenticated() and request.user.is_authenticated()): custom_log(request, "no local authentication, sending landing page", level="debug") return landing_page(request, orequest) openid = openid_is_authorized(request, orequest.identity, orequest.trust_root) # verify return_to: trust_root_valid = trust_root_validation(orequest) custom_log(request, "trust_root_valid=%s" % trust_root_valid, level="debug") validated = False # Allow per-url exceptions for trust roots. for global_trusted_root in settings.OPENID_TRUSTED_ROOTS: if orequest.trust_root.startswith(global_trusted_root): custom_log(request, "Trust root %s is in always trusted roots. Set validated=True" % orequest.trust_root, level="debug") validated = True break if conf.FAILED_DISCOVERY_AS_VALID: if trust_root_valid == 'DISCOVERY_FAILED' or trust_root_valid == 'Unreachable': custom_log(request, "Setting validated=True as FAILED_DISCOVERY_AS_VALID is True", level="debug") validated = True else: # if in decide already took place, set as valid: if request.session.get(get_trust_session_key(orequest), False): custom_log(request, "Setting validated=True as session var %s is True" % (get_trust_session_key(orequest)), level="debug") validated = True custom_log(request, "Session key: %s=%s" % (get_trust_session_key(orequest), request.session.get(get_trust_session_key(orequest))), level="debug") custom_log(request, "OpenID is %s" % openid, level="debug") if openid is not None and (validated or trust_root_valid == 'Valid'): id_url = request.build_absolute_uri( reverse('openid-provider-identity', args=[openid.openid])) try: oresponse = orequest.answer(True, identity=id_url) except ValueError, e: return render_to_response("openid_provider/error.html", {"title": "Invalid identity URL", "msg": e.message}, context_instance=RequestContext(request)) custom_log(request, 'orequest.answer(True, identity="%s")' % id_url, level="debug") elif orequest.immediate: custom_log(request, 'checkid_immediate mode not supported', level="debug") raise Exception('checkid_immediate mode not supported') else: request.session['OPENID_REQUEST'] = orequest.message.toPostArgs() request.session['OPENID_TRUSTROOT_VALID'] = trust_root_valid custom_log(request, "redirecting to decide page", level="debug") return HttpResponseRedirect(reverse('openid-provider-decide'))
def openid_server(request): """ This view is the actual OpenID server - running at the URL pointed to by the <link rel="openid.server"> tag. """ logger.debug('server request %s: %s', request.method, request.POST or request.GET) server = Server(get_store(request), op_endpoint=request.build_absolute_uri( reverse('openid-provider-root'))) if not request.is_secure(): # if request is not secure allow only encrypted association sessions server.negotiator = encrypted_negotiator # Clear AuthorizationInfo session var, if it is set if request.session.get('AuthorizationInfo', None): del request.session['AuthorizationInfo'] querydict = dict(request.REQUEST.items()) orequest = server.decodeRequest(querydict) if not orequest: orequest = request.session.get('OPENID_REQUEST', None) if orequest: # remove session stored data: del request.session['OPENID_REQUEST'] else: # not request, render info page: data = { 'host': request.build_absolute_uri('/'), 'xrds_location': request.build_absolute_uri(reverse('openid-provider-xrds')), } logger.debug('invalid request, sending info: %s', data) return render_to_response('openid_provider/server.html', data, context_instance=RequestContext(request)) if orequest.mode in BROWSER_REQUEST_MODES: if not request.user.is_authenticated(): #return HttpResponse(orequest.return_to) logger.debug('no local authentication, sending landing page') return landing_page(request, orequest) openid = openid_is_authorized(request, orequest.identity, orequest.trust_root) if openid is not None: id_url = request.build_absolute_uri( reverse('openid-provider-identity', args=[openid.openid])) oresponse = orequest.answer(True, identity=id_url) logger.debug('orequest.answer(True, identity="%s")', id_url) elif orequest.immediate: logger.debug('checkid_immediate mode not supported') raise Exception('checkid_immediate mode not supported') else: request.session['OPENID_REQUEST'] = orequest logger.debug('redirecting to decide page') return HttpResponseRedirect(reverse('openid-provider-decide')) else: oresponse = server.handleRequest(orequest) if request.user.is_authenticated(): add_sreg_data(request, orequest, oresponse) if conf.AX_EXTENSION: add_ax_data(request, orequest, oresponse) # Convert a webresponse from the OpenID library in to a Django HttpResponse webresponse = server.encodeResponse(oresponse) if webresponse.code == 200 and orequest.mode in BROWSER_REQUEST_MODES: response = render_to_response('openid_provider/response.html', { 'body': webresponse.body, }, context_instance=RequestContext(request)) logger.debug('rendering browser response') else: response = HttpResponse(webresponse.body) response.status_code = webresponse.code for key, value in webresponse.headers.items(): response[key] = value logger.debug('rendering raw response') return response
def get_server(self, request): url = request.build_absolute_uri(request.path) return Server(DjangoOpenIDStore(), op_endpoint=url)
def openid_server(req): """ This view is the actual OpenID server - running at the URL pointed to by the <link rel="openid.server"> tag. """ host = get_base_uri(req) try: # if we have django_openid_auth in applications directory # then we can use DjangoOpenIDStore from django_openid_auth.store import DjangoOpenIDStore store = DjangoOpenIDStore() except: # otherwise use FileOpenIDStore OPENID_FILESTORE = '/tmp/openid-filestore' from openid.store.filestore import FileOpenIDStore store = FileOpenIDStore(OPENID_FILESTORE) server = Server(store, op_endpoint="%s%s" % (host, reverse('openid-provider-root'))) # Clear AuthorizationInfo session var, if it is set if req.session.get('AuthorizationInfo', None): del req.session['AuthorizationInfo'] querydict = dict(req.REQUEST.items()) try: orequest = server.decodeRequest(querydict) except: L.exception("Request decode failed") orequest = None if not orequest: orequest = req.session.get('OPENID_REQUEST', None) if not orequest: # not request, render info page: return render_to_response('openid_provider/server.html', { 'host': host, }, context_instance=RequestContext(req)) else: # remove session stored data: del req.session['OPENID_REQUEST'] if orequest.mode in ("checkid_immediate", "checkid_setup"): if not req.user.is_authenticated(): return landing_page(req, orequest) openid = openid_is_authorized(req, orequest.identity, orequest.trust_root) if openid is not None: oresponse = orequest.answer( True, identity="%s%s" % (host, reverse('openid-provider-identity', args=[openid.openid]))) sreg_data = {'nickname': req.user.username} sreg_req = sreg.SRegRequest.fromOpenIDRequest(orequest) sreg_resp = sreg.SRegResponse.extractResponse(sreg_req, sreg_data) oresponse.addExtension(sreg_resp) elif orequest.immediate: raise Exception('checkid_immediate mode not supported') else: req.session['OPENID_REQUEST'] = orequest return HttpResponseRedirect(reverse('openid-provider-decide')) else: oresponse = server.handleRequest(orequest) webresponse = server.encodeResponse(oresponse) return django_response(webresponse)
def provider_login(request): """ OpenID login endpoint """ # pylint: disable=too-many-statements # make and validate endpoint endpoint = get_xrds_url('login', request) if not endpoint: return default_render_failure(request, "Invalid OpenID request") # initialize store and server store = DjangoOpenIDStore() server = Server(store, endpoint) # first check to see if the request is an OpenID request. # If so, the client will have specified an 'openid.mode' as part # of the request. if request.method == 'GET': querydict = dict(request.GET.items()) else: querydict = dict(request.POST.items()) error = False if 'openid.mode' in request.GET or 'openid.mode' in request.POST: # decode request try: openid_request = server.decodeRequest(querydict) except (UntrustedReturnURL, ProtocolError): openid_request = None if not openid_request: return default_render_failure(request, "Invalid OpenID request") # don't allow invalid and non-trusted trust roots if not validate_trust_root(openid_request): return default_render_failure(request, "Invalid OpenID trust root") # checkid_immediate not supported, require user interaction if openid_request.mode == 'checkid_immediate': return provider_respond(server, openid_request, openid_request.answer(False), {}) # checkid_setup, so display login page # (by falling through to the provider_login at the # bottom of this method). elif openid_request.mode == 'checkid_setup': if openid_request.idSelect(): # remember request and original path request.session['openid_setup'] = { 'request': openid_request, 'url': request.get_full_path(), 'post_params': request.POST, } # user failed login on previous attempt if 'openid_error' in request.session: error = True del request.session['openid_error'] # OpenID response else: return provider_respond(server, openid_request, server.handleRequest(openid_request), {}) # handle login redirection: these are also sent to this view function, # but are distinguished by lacking the openid mode. We also know that # they are posts, because they come from the popup elif request.method == 'POST' and 'openid_setup' in request.session: # get OpenID request from session openid_setup = request.session['openid_setup'] openid_request = openid_setup['request'] openid_request_url = openid_setup['url'] post_params = openid_setup['post_params'] # We need to preserve the parameters, and the easiest way to do this is # through the URL url_post_params = { param: post_params[param] for param in post_params if param.startswith('openid') } encoded_params = urllib.urlencode(url_post_params) if '?' not in openid_request_url: openid_request_url = openid_request_url + '?' + encoded_params else: openid_request_url = openid_request_url + '&' + encoded_params del request.session['openid_setup'] # don't allow invalid trust roots if not validate_trust_root(openid_request): return default_render_failure(request, "Invalid OpenID trust root") # check if user with given email exists # Failure is redirected to this method (by using the original URL), # which will bring up the login dialog. email = request.POST.get('email', None) try: user = User.objects.get(email=email) except User.DoesNotExist: request.session['openid_error'] = True if settings.FEATURES['SQUELCH_PII_IN_LOGS']: AUDIT_LOG.warning(u"OpenID login failed - Unknown user email") else: msg = u"OpenID login failed - Unknown user email: {0}".format(email) AUDIT_LOG.warning(msg) return HttpResponseRedirect(openid_request_url) # attempt to authenticate user (but not actually log them in...) # Failure is again redirected to the login dialog. username = user.username password = request.POST.get('password', None) try: user = authenticate(username=username, password=password, request=request) except RateLimitException: AUDIT_LOG.warning(u'OpenID - Too many failed login attempts.') return HttpResponseRedirect(openid_request_url) if user is None: request.session['openid_error'] = True if settings.FEATURES['SQUELCH_PII_IN_LOGS']: AUDIT_LOG.warning(u"OpenID login failed - invalid password") else: AUDIT_LOG.warning( u"OpenID login failed - password for %s is invalid", email) return HttpResponseRedirect(openid_request_url) # authentication succeeded, so fetch user information # that was requested if user is not None and user.is_active: # remove error from session since login succeeded if 'openid_error' in request.session: del request.session['openid_error'] if settings.FEATURES['SQUELCH_PII_IN_LOGS']: AUDIT_LOG.info(u"OpenID login success - user.id: %s", user.id) else: AUDIT_LOG.info( u"OpenID login success - %s (%s)", user.username, user.email) # redirect user to return_to location url = endpoint + urlquote(user.username) response = openid_request.answer(True, None, url) # Note too that this is hardcoded, and not really responding to # the extensions that were registered in the first place. results = { 'nickname': user.username, 'email': user.email, 'fullname': user.profile.name, } # the request succeeded: return provider_respond(server, openid_request, response, results) # the account is not active, so redirect back to the login page: request.session['openid_error'] = True if settings.FEATURES['SQUELCH_PII_IN_LOGS']: AUDIT_LOG.warning( u"Login failed - Account not active for user.id %s", user.id) else: AUDIT_LOG.warning( u"Login failed - Account not active for user %s", username) return HttpResponseRedirect(openid_request_url) # determine consumer domain if applicable return_to = request.GET.get('openid.return_to') or request.POST.get('openid.return_to') or '' if return_to: matches = re.match(r'\w+:\/\/([\w\.-]+)', return_to) return_to = matches.group(1) # display login page response = render_to_response('provider_login.html', { 'error': error, 'return_to': return_to }) # add custom XRDS header necessary for discovery process response['X-XRDS-Location'] = get_xrds_url('xrds', request) return response
def provider_login(request): """ OpenID login endpoint """ # make and validate endpoint endpoint = get_xrds_url('login', request) if not endpoint: return default_render_failure(request, "Invalid OpenID request") # initialize store and server store = DjangoOpenIDStore() server = Server(store, endpoint) # first check to see if the request is an OpenID request. # If so, the client will have specified an 'openid.mode' as part # of the request. querydict = dict(request.REQUEST.items()) error = False if 'openid.mode' in request.GET or 'openid.mode' in request.POST: # decode request try: openid_request = server.decodeRequest(querydict) except (UntrustedReturnURL, ProtocolError): openid_request = None if not openid_request: return default_render_failure(request, "Invalid OpenID request") # don't allow invalid and non-trusted trust roots if not validate_trust_root(openid_request): return default_render_failure(request, "Invalid OpenID trust root") # checkid_immediate not supported, require user interaction if openid_request.mode == 'checkid_immediate': return provider_respond(server, openid_request, openid_request.answer(False), {}) # checkid_setup, so display login page # (by falling through to the provider_login at the # bottom of this method). elif openid_request.mode == 'checkid_setup': if openid_request.idSelect(): # remember request and original path request.session['openid_setup'] = { 'request': openid_request, 'url': request.get_full_path() } # user failed login on previous attempt if 'openid_error' in request.session: error = True del request.session['openid_error'] # OpenID response else: return provider_respond(server, openid_request, server.handleRequest(openid_request), {}) # handle login redirection: these are also sent to this view function, # but are distinguished by lacking the openid mode. We also know that # they are posts, because they come from the popup elif request.method == 'POST' and 'openid_setup' in request.session: # get OpenID request from session openid_setup = request.session['openid_setup'] openid_request = openid_setup['request'] openid_request_url = openid_setup['url'] del request.session['openid_setup'] # don't allow invalid trust roots if not validate_trust_root(openid_request): return default_render_failure(request, "Invalid OpenID trust root") # check if user with given email exists # Failure is redirected to this method (by using the original URL), # which will bring up the login dialog. email = request.POST.get('email', None) try: user = User.objects.get(email=email) except User.DoesNotExist: request.session['openid_error'] = True msg = "OpenID login failed - Unknown user email: %s" AUDIT_LOG.warning(msg, email) return HttpResponseRedirect(openid_request_url) # attempt to authenticate user (but not actually log them in...) # Failure is again redirected to the login dialog. username = user.username password = request.POST.get('password', None) try: user = authenticate(username=username, password=password, request=request) except RateLimitException: AUDIT_LOG.warning('OpenID - Too many failed login attempts.') return HttpResponseRedirect(openid_request_url) if user is None: request.session['openid_error'] = True msg = "OpenID login failed - password for %s is invalid" AUDIT_LOG.warning(msg, email) return HttpResponseRedirect(openid_request_url) # authentication succeeded, so fetch user information # that was requested if user is not None and user.is_active: # remove error from session since login succeeded if 'openid_error' in request.session: del request.session['openid_error'] AUDIT_LOG.info("OpenID login success - %s (%s)", user.username, user.email) # redirect user to return_to location url = endpoint + urlquote(user.username) response = openid_request.answer(True, None, url) # TODO: for CS50 we are forcibly returning the username # instead of fullname. In the OpenID simple registration # extension, we don't have to return any fields we don't # want to, even if they were marked as required by the # Consumer. The behavior of what to do when there are # missing fields is up to the Consumer. The proper change # should only return the username, however this will likely # break the CS50 client. Temporarily we will be returning # username filling in for fullname in addition to username # as sreg nickname. # Note too that this is hardcoded, and not really responding to # the extensions that were registered in the first place. results = { 'nickname': user.username, 'email': user.email, 'fullname': user.username } # the request succeeded: return provider_respond(server, openid_request, response, results) # the account is not active, so redirect back to the login page: request.session['openid_error'] = True msg = "Login failed - Account not active for user %s" AUDIT_LOG.warning(msg, username) return HttpResponseRedirect(openid_request_url) # determine consumer domain if applicable return_to = '' if 'openid.return_to' in request.REQUEST: return_to = request.REQUEST['openid.return_to'] matches = re.match(r'\w+:\/\/([\w\.-]+)', return_to) return_to = matches.group(1) # display login page response = render_to_response('provider_login.html', { 'error': error, 'return_to': return_to }) # add custom XRDS header necessary for discovery process response['X-XRDS-Location'] = get_xrds_url('xrds', request) return response
def get_server(request): """ Get a Server object to perform OpenID authentication. """ return Server(get_openid_store(), get_view_url(request, endpoint))
def get_server(self, request): return Server(DjangoOpenIDStore())
def __init__(self): from openid.server.server import Server from openid.store.memstore import MemoryStore store = MemoryStore() self.server = Server(store, 'http://www.jaraco.com/')